Phishing engagements they can uncover how susceptible are the employees of a company in this type of attack. The fact that almost anybody can implement very fast a phishing scam in order to obtain valid credentials and other sensitive information makes it important for companies to test the security awareness of their users and to include phishing exercises into their security testing program. Most of the times this type of attack is successful because it is exploiting the user trust in conjunction with the lack of security awareness of the user.

However even though as a community through the years we have built frameworks and tools for almost every type of assessment we never had a tool which it will implement and manage a phishing engagement very fast, simple and with the stats that we need for our clients. Phishing Frenzy is here to close this gap and to assist the penetration testers that conduct phishing engagements.

Phishing Frenzy is a tool which created by @zeknox , a security consultant and researcher from Accuvant Labs. One of the main advantages compared to other similar tools is that you can manage your phishing tests more efficiently as you can include the scope of your engagement as well when you create a new phishing campaign.

phishing frenzy – campaign

Another advantages of Phishing Frenzy is that it can generate statistics regarding the users in scope (i.e. how many clicked the link?) which is always essential for the clients who order this type of test and the penetration tester as this information can be included as well in the final report.

Phishing Options

By default there are two templates installed but you can add more so you can create multiple scenarios.

Phishing Frenzy – Templates

In the presentation of Phishing Frenzy at DerbyCon the creator of the tool mentioned something which I believe it is really important:

“If you spend the time to create a phishing template that works with this framework, you can share it with the community…”

This is a great opportunity for the penetration testers that they are conducting phishing engagements to collaborate and to share their templates through this framework in order to make the tool even better and to improve the quality of our work.